diff --git a/biz/attachment.go b/biz/attachment.go
index f3b9418..e76474c 100644
--- a/biz/attachment.go
+++ b/biz/attachment.go
@@ -186,7 +186,7 @@ func (s *AttachmentAPIService) UploadDocument(ctx *gin.Context) {
}
// 检查用户是否有权限上传文档
- if !s.dbModel.CanIUploadDocument(userClaims.UserId) {
+ if !s.dbModel.CanIAccessUploadDocument(userClaims.UserId) {
ctx.JSON(http.StatusForbidden, ginResponse{Code: http.StatusForbidden, Message: "没有权限上传文档", Error: "没有权限上传文档"})
return
}
diff --git a/biz/comment.go b/biz/comment.go
index ceaf13d..bc0bb63 100644
--- a/biz/comment.go
+++ b/biz/comment.go
@@ -47,6 +47,10 @@ func (s *CommentAPIService) CreateComment(ctx context.Context, req *pb.CreateCom
return nil, status.Errorf(codes.InvalidArgument, "验证码错误")
}
+ if yes, _ := s.dbModel.CanIAccessComment(userClaims.UserId); !yes {
+ return nil, status.Errorf(codes.PermissionDenied, "您已经被禁止发表评论")
+ }
+
comment := &model.Comment{}
err = util.CopyStruct(req, comment)
if err != nil {
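Review bot: The error from `CanIAccessComment` is discarded with `_` in the added check, so when the punishment lookup fails the request is allowed and a user banned from commenting can still post; as written in model/user.go the helper returns `yes == true` together with the error. The error should be handled and the request denied, for example `yes, err := s.dbModel.CanIAccessComment(userClaims.UserId)` followed by returning a `codes.Internal` status when `err != nil`. The same pattern appears in `DownloadDocument` (biz/document.go), in `CreateFavorite` (biz/favorite.go), and inside `CanIAccessUploadDocument` (model/user.go), where `inPunishing, _ :=` drops the error as well. `CreateComment` starts and ends outside this hunk.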
diff --git a/biz/document.go b/biz/document.go
index 15f4018..35d5016 100644
--- a/biz/document.go
+++ b/biz/document.go
@@ -54,7 +54,7 @@ func (s *DocumentAPIService) CreateDocument(ctx context.Context, req *pb.CreateD
return nil, err
}
- if !s.dbModel.CanIUploadDocument(userCliams.UserId) {
+ if !s.dbModel.CanIAccessUploadDocument(userCliams.UserId) {
return nil, status.Error(codes.PermissionDenied, "没有权限上传文档")
}
@@ -673,6 +673,10 @@ func (s *DocumentAPIService) DownloadDocument(ctx context.Context, req *pb.Docum
userId = userClaims.UserId
}
+ if yes, _ := s.dbModel.CanIAccessDownload(userId); !yes {
+ return res, status.Errorf(codes.PermissionDenied, "您的账户已被禁止下载文档")
+ }
+
ip := ""
ips, _ := util.GetGRPCRemoteIP(ctx)
if len(ips) > 0 {
diff --git a/biz/favorite.go b/biz/favorite.go
index eca55e8..cb79108 100644
--- a/biz/favorite.go
+++ b/biz/favorite.go
@@ -34,6 +34,11 @@ func (s *FavoriteAPIService) CreateFavorite(ctx context.Context, req *pb.Favorit
return nil, err
}
+ yes, _ := s.dbModel.CanIAccessFavorite(userClaims.UserId)
+ if !yes {
+ return nil, status.Errorf(codes.PermissionDenied, "您已经被禁止收藏文档")
+ }
+
favorite := &model.Favorite{
UserId: userClaims.UserId,
DocumentId: req.DocumentId,
diff --git a/biz/user.go b/biz/user.go
index ddbf643..70aa5ce 100644
--- a/biz/user.go
+++ b/biz/user.go
@@ -541,7 +541,7 @@ func (s *UserAPIService) CanIUploadDocument(ctx context.Context, req *emptypb.Em
return nil, err
}
- if !s.dbModel.CanIUploadDocument(userClaims.UserId) {
+ if !s.dbModel.CanIAccessUploadDocument(userClaims.UserId) {
return nil, status.Errorf(codes.PermissionDenied, "您没有上传文档的权限")
}
diff --git a/model/punishment.go b/model/punishment.go
index 21efd84..b8ed725 100644
--- a/model/punishment.go
+++ b/model/punishment.go
@@ -165,3 +165,24 @@ func (m *DBModel) DeletePunishment(ids []int64) (err error) {
}
return
}
+
+func (m *DBModel) isInPunishing(userId int64, types []int) (yes bool, err error) {
+ if userId <= 1 {
+ return false, nil
+ }
+
+ punishment := &Punishment{}
+ err = m.db.Model(punishment).Select("id").
+ Where(
+ "user_id = ? and enable = ? and type in ? and (end_time IS NULL or end_time > ?)",
+ userId, true, types, time.Now(),
+ ).Find(&punishment).Error
+ if err != nil {
+ if err == gorm.ErrRecordNotFound {
+ return false, nil
+ }
+ m.logger.Error("isInPunishing", zap.Error(err))
+ return
+ }
+ return punishment.Id > 0, nil
+}
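Review bot: The `userId <= 1` guard at the top of `isInPunishing` exempts IDs 0 and 1 from every punishment type, and nothing in the function says why. In `DownloadDocument` the `userId` passed in appears to stay 0 for callers without claims, so unauthenticated downloads would skip this check entirely; if that is intended it should be stated. I would add a doc comment such as `// isInPunishing reports whether userId has an enabled, unexpired punishment of any of the given types; IDs <= 1 are never treated as punished.` Separately, if `m.db` is GORM v2, `Find` does not return `gorm.ErrRecordNotFound`, so that branch is probably dead code; `errors.Is` together with `Limit(1)` would make the intent clearer.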
diff --git a/model/user.go b/model/user.go
index 260d48d..9b12505 100644
--- a/model/user.go
+++ b/model/user.go
@@ -411,7 +411,13 @@ func (m *DBModel) SetUserGroupAndPassword(userId int64, groupId []int64, passwor
}
// CanIUploadDocument 判断用户是否有上传文档的权限
-func (m *DBModel) CanIUploadDocument(userId int64) (yes bool) {
+// 1. 用户是否被禁用或被处罚禁止上传文档
+// 2. 用户所在的用户组是否允许上传文档
+func (m *DBModel) CanIAccessUploadDocument(userId int64) (yes bool) {
+ if inPunishing, _ := m.isInPunishing(userId, []int{PunishmentTypeDisabled, PunishmentTypeUploadLimited}); inPunishing {
+ return false
+ }
+
var (
tableGroup = Group{}.TableName()
tableUserGroup = UserGroup{}.TableName()
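Review bot: The doc comment above the renamed function still begins with `CanIUploadDocument`, so it no longer matches `CanIAccessUploadDocument`; its first word should be updated to the new name so that godoc and text searches stay accurate. The comment could also state that a lookup error from `isInPunishing` is ignored here, which means the punishment half of the check is skipped when the database call fails. The function body continues past the end of this hunk.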
@@ -427,6 +433,39 @@ func (m *DBModel) CanIUploadDocument(userId int64) (yes bool) {
return group.Id > 0
}
+// 用户是否可以下载文档:被禁用的账号或被禁止下载的账户不能下载
+func (m *DBModel) CanIAccessDownload(userId int64) (yes bool, err error) {
+ yes, err = m.isInPunishing(userId, []int{PunishmentTypeDownloadLimited, PunishmentTypeDisabled})
+ yes = !yes
+ if err != nil {
+ m.logger.Error("CanIAccessDownload", zap.Error(err))
+ return
+ }
+ return
+}
+
+// 用户是否可以评论
+func (m *DBModel) CanIAccessComment(userId int64) (yes bool, err error) {
+ yes, err = m.isInPunishing(userId, []int{PunishmentTypeCommentLimited, PunishmentTypeDisabled})
+ yes = !yes
+ if err != nil {
+ m.logger.Error("CanIAccessComment", zap.Error(err))
+ return
+ }
+ return
+}
+
+// 用户是否可以收藏文档
+func (m *DBModel) CanIAccessFavorite(userId int64) (yes bool, err error) {
+ yes, err = m.isInPunishing(userId, []int{PunishmentTypeFavoriteLimited, PunishmentTypeDisabled})
+ yes = !yes
+ if err != nil {
+ m.logger.Error("CanIAccessFavorite", zap.Error(err))
+ return
+ }
+ return
+}
+
// 用户是否发表评论
func (m *DBModel) CanIPublishComment(userId int64) (defaultCommentStatus int8, err error) {
if userId <= 0 {
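Review bot: In `CanIAccessDownload`, `CanIAccessComment` and `CanIAccessFavorite` the line `yes = !yes` runs before the error check, so a failed lookup makes each of them return `true` together with a non-nil error. Returning `false` on error and negating only on success keeps the result safe for callers that look at `yes` alone. The three bodies differ only in the punishment type and the log label, so a private helper taking those two values would remove the duplication, as sketched below. The comments above the three functions should also start with the function name.

```go
// canAccess reports whether userId is free of any enabled punishment in types.
// It returns false whenever the lookup fails, so a caller that ignores err denies access.
func (m *DBModel) canAccess(userId int64, label string, types []int) (bool, error) {
	punished, err := m.isInPunishing(userId, types)
	if err != nil {
		m.logger.Error(label, zap.Error(err))
		return false, err
	}
	return !punished, nil
}

// CanIAccessDownload reports whether the user may download documents.
func (m *DBModel) CanIAccessDownload(userId int64) (yes bool, err error) {
	return m.canAccess(userId, "CanIAccessDownload", []int{PunishmentTypeDownloadLimited, PunishmentTypeDisabled})
}

// … CanIAccessComment and CanIAccessFavorite follow the same shape …
```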
diff --git a/web/components/FormPunishment.vue b/web/components/FormPunishment.vue
index 8ade6bc..948e04c 100644
--- a/web/components/FormPunishment.vue
+++ b/web/components/FormPunishment.vue
@@ -36,7 +36,18 @@
-
+
+
+ 处罚类型
+
+
- 您所在用户组暂无权限上传文档
+ 您暂无权限上传文档
您未登录,请先登录